Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Start apache without all vhosts #2509

Open
justafish opened this issue Dec 14, 2023 · 1 comment
Open

Start apache without all vhosts #2509

justafish opened this issue Dec 14, 2023 · 1 comment
Labels
community

Comments

@justafish
Copy link

Use Case

When creating a new site that uses a letsencrypt certificate, the non-ssl version needs to be deployed and run before the SSL configuration can be added and deployed.
e.g.

    apache::vhost { "${servername}":
        servername => $servername,
        port       => 80,
        docroot    => $docroot,
        block      => 'scm',
        rewrites   => [
            {
                comment      => 'redirect non-SSL traffic to SSL site except letsencrypt',
                rewrite_cond => ['%{HTTPS} off', '%{REQUEST_URI} !^/.well-known/acme-challenge'],
                rewrite_rule => ['(.*) https://%{HTTP_HOST}%{REQUEST_URI}'],
            }
        ],
    }
    ->letsencrypt::certonly { "${servername}":
        plugin               => 'webroot',
        webroot_paths        => [$docroot],
        domains              => [$servername],
        manage_cron          => true,
        cron_hour            => [0,12],
        cron_minute          => '30',
        cron_success_command => '/bin/systemctl reload apache2.service',
    }

    # This can't be uncommented on the first run as apache will fail due the files not existing yet
    #apache::vhost { "${servername}-ssl":
    #    servername => $servername,
    #    port       => 443,
    #    docroot    => $docroot,
    #    block      => 'scm',
    #    ssl        => true,
    #    ssl_cert   => "${$facts['letsencrypt_directory'][$servername]}/fullchain.pem",
    #    ssl_key    => "${$facts['letsencrypt_directory'][$servername]}/privkey.pem",
    #}

Describe the Solution You Would Like

Allow a vhost to be added and processed after apache has started

Describe Alternatives You've Considered

I've tried using puppet stages but this doesn't work, and also looked at transition but that doesn't seem to be quite what I need
@ekohl
Copy link
Collaborator

ekohl commented Dec 15, 2023

The letsencrypt module provides facts so you can look at that. You can also look at mod_md which natively integrates certificate retrieval into Apache and removes the need for external management

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
community
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ekohl @justafish @ia-content